Traceability: The Non-Negotiable Principle

At the heart of IEC 62304 lies the concept of traceability. This includes:
- Defined and testable software requirements,
- Documented architecture and design decisions,
- Aligned and recorded verification activities,
- Integrated risk control measures per ISO 14971,
- Management of software anomalies and configuration changes.
These principles apply universally—whether your team uses Scrum, Kanban, or any hybrid agile framework.

IEC 62304 and Agile: Compatible by Design

While IEC 62304 promotes a structured lifecycle, it is fundamentally methodology-agnostic. Agile development can align with its expectations when interpreted through the lens of outcomes and artifacts rather than rigid sequencing.

Sprints can deliver incrementally tested components; backlogs can map to requirements specifications. The key is that all lifecycle activities—from requirements through verification—are documented, reviewed, and controlled.

What matters is not how you build your software, but how well you can demonstrate that it’s safe, effective, and meets regulatory expectations.

In the U.S., this means showing clear alignment with FDA expectations—especially for submissions like 510(k), PMA, or De Novo. IEC 62304 helps bridge the gap between fast-moving development teams and the rigorous documentation standards the FDA expects.

For American software developers in regulated environments, the standard provides a roadmap for ensuring software requirements, testing, and risk management are all traceable and auditable—without sacrificing agility.

Alignment with Regulatory Expectations

Regulatory bodies continue to recognize and rely on IEC 62304, not for its lifecycle structure, but for its consistent, auditable expectations:

High level requirements, as indicated in Annex II - Medical Device Regulation (MDR 2017/745) may be traced to more software specific requirements indicated by IEC 62304, such as requirements, risk management, and configuration control​, software version history, and risk-based verification​ which are naturally supported by IEC 62304’s framework​. Even the FDA’s 2023 Guidance on software documentation directly maps back to IEC 62304 concepts.

In the United States, the Food and Drug Administration (FDA) continues to align its software documentation expectations with the principles laid out in IEC 62304. For manufacturers marketing medical devices in the U.S., IEC 62304 supports compliance not only with FDA requirements but also with software lifecycle expectations under the MDSAP program.

U.S.-based developers can leverage IEC 62304 as a foundational standard to streamline submissions for 510(k) and PMA pathways by ensuring clear traceability and risk control.

DQS Inc., headquartered in Schaumburg, IL, is ready to support U.S. manufacturers with audits and certifications that recognize IEC 62304 as a globally harmonized standard.

What regulators want is assurance that manufacturers understand their software, can verify its behavior, and can mitigate its risks. IEC 62304 remains the most globally harmonized way to provide that assurance.

What regulators want is assurance that manufacturers understand their software, can verify its behavior, and can mitigate its risks. IEC 62304 remains the most globally harmonized way to provide that assurance.

As a Notified Body under MDR, DQS-MED continues to recognize IEC 62304 as the most suitable standard for structured documentation of medical device software lifecycle processes.